CN112262544A - Apparatus, system, and method for generating and processing cryptographic parameters - Google Patents

Publication number
CN112262544A
Authority
CN
China
Prior art keywords
prime
value
unit
generator
deterministic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201980039265.3A
Other languages
Chinese (zh)
Other versions
CN112262544B (en
Inventor
鲁维·伊茨哈克·莱文
乌里·克雷默
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ARM Ltd
Original Assignee
ARM Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065 Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656 Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3033 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/34 Encoding or coding, e.g. Huffman coding or error correction
    • H04L2209/80 Wireless
    • H04L2209/805 Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00 Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/58 Random or pseudo-random number generators
    • G06F2207/00 Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F2207/72 Indexing scheme relating to groups G06F7/72 - G06F7/729
    • G06F2207/7204 Prime number generation or prime number testing

Abstract

Devices, systems, and methods of generating and processing cryptographic parameters. The first device and the second device store the same secret seed value, utilize the same deterministic pseudorandom number generation function, and modify the function with the same deterministic value. The first device generates candidate values, sequentially modifies its values, and performs a primality test until a confirmed prime number is found. The first device indicates to the second device how many iterations of value modification to perform so that the same already-validated prime number can be reached and thus regenerated therein without performing any primality tests in the second device.

Description

Apparatus, system, and method for generating and processing cryptographic parameters
Technical Field
Some embodiments relate to the fields of information security and cryptography.
Background
Millions of people worldwide use electronic devices for a variety of purposes each day. For example, people utilize laptop computers, desktop computers, smart phones, tablet computers, and other electronic devices to send and receive electronic mail (e-mail), browse the internet, play games, consume audio/video and digital content, participate in Instant Messaging (IM) and video conferencing, perform internet banking transactions and online shopping, and perform other various tasks.
Some tasks utilize encryption of information. For example, a user may make an online purchase at an electronic commerce (e-commerce) provider using the internet, or may perform a banking transaction using a dedicated mobile application ("app"). Data exchanged between the end-user device and a remote server (e.g., a remote server of a vendor, bank, etc.) may be encrypted for security purposes.
Some cryptography systems use prime numbers for data encryption, decryption, and/or other cryptographic tasks. For example, a Rivest-Shamir-Adleman (RSA) cryptographic system may utilize a public encryption key and a private (secret) decryption key, such that the public encryption key is based on the product of two secret large prime numbers; to decrypt the data, the two secret large prime numbers need to be known.
Drawings
Fig. 1A is a schematic diagram of a system in accordance with some demonstrative embodiments.
Fig. 1B is a more detailed diagram of the system depicting additional components of the system.
Fig. 2A is a schematic diagram of another system in accordance with some demonstrative embodiments.
Fig. 2B and 2C are more detailed illustrations of two devices of the other system.
Detailed Description
The applicant has appreciated the following problems: while some cryptographic algorithms require the generation of large prime numbers, some electronic devices lack the processing resources to adequately and/or quickly perform this task. For example, cellular phones or portable electronic devices or "internet of things" (IoT) devices may be produced with certain limitations, such as having a small form factor, having lightweight components, having limited battery power, having a low power processor, having a limited amount of memory, and so forth. Thus, such devices may not be able to generate large prime number(s) quickly, or may be able to generate prime numbers at a generation rate that may hinder or impair device performance.
According to some embodiments, a client-side device (or "weaker" device) with limited processing resources needs to generate prime number(s), and this task is partially performed via a remote server or remote processing device (or "stronger" device) with more abundant processing resources. For example, each of the client device and the remote server is pre-configured to locally store the same, specific secret data item (e.g., a seed value); and also locally stores the same, specific deterministic pseudo-random number generation (D-PRNG) function that is used to generate initial candidate values and perform a deterministic iterative function to sequentially change prime candidate values to other prime candidate values. The D-PRNG function is a function that receives a secret data item (or other specific value derived from a secret data item) as an input and is capable of generating an initial pseudo-random candidate value, and the sequential iteration function uses a counter to perform multiple iterations. Each iteration of the Iterative Function (IF) generates a candidate number that is then checked for primality. However, rather than performing multiple iterations of candidate generation via the D-PRNG and iteration functions within the client-side device, and subsequent primality checking of each candidate within the client-side device, the client-side device delegates a partial prime generation process to a remote server.
For example, the client-side device sends an initial message to the remote server indicating that the client-side device needs to utilize a large prime number. The remote server receives the message, and then performs multiple iterations of the D-PRNG function based on the secret data item, checking the primality of each candidate output number until the primality of a candidate output number is confirmed. For example, after 17 such iterations, the D-PRNG function at the remote server would generate a candidate value that the remote server confirms is prime. Then, in some embodiments, the remote server sends a message to the client-side device indicating, for example: "please run the D-PRNG function for 17 iterations, but without performing any primality tests on any of the candidates; the candidate value generated by the 17th iteration of your D-PRNG function is a confirmed prime number"; this allows the client-side device to skip all the primality checks of all 17 candidates.
Some embodiments may be used in conjunction with various cryptographic units or systems, encryption units, decryption units, public key cryptographic systems, and various field and group operations that utilize large prime numbers; particularly in connection with units and algorithms that utilize large prime numbers to generate cryptographic assets, such as secret or decryption keys or private keys, for example Rivest-Shamir-Adleman (RSA) cryptographic systems, Finite Field Cryptography (FFC) systems, Digital Signature Algorithm (DSA) systems, and the like.
For purposes of illustration, some portions of the discussion herein may refer to a "server" or "remote server" or "server-side" device that performs prime number generation tasks for a "client" device or "client-side device" or "end-user device"; or similarly, for purposes of illustration, some portions of the discussion herein may refer to "strong" or "stronger" devices or "rich computing resource devices" performing prime generation tasks for "weak" or "weaker" devices or "reduced computing resource devices"; however, some embodiments may be used in conjunction with any two other types of devices, or with any suitable system or pair of devices in which a first device (any suitable type of device) is requested or required to facilitate generation of prime number(s) on (or in, or by) a second device (any suitable type of device); examples include: a set of devices or a network of devices in which a more available device or a currently available device is assigned (e.g., temporarily, or ad hoc, or once, or repeatedly, or often) to assist another device in the generation task of prime number(s).
Applicants have appreciated that some client-side devices (particularly IoT devices or sensors) and form-factor limited devices or portable devices may be equipped with processors of reduced processing power, and/or may be equipped with a limited amount of memory, particularly secure memory (e.g., for holding large cryptographic keys); and thus may not be suitable for quickly, locally generating prime numbers and/or cryptographic keys.
Applicants have also appreciated that in some cryptographic systems, such as the RSA cryptographic system, a significant portion of the processing resources and/or processing time may be consumed by the primality tests performed on the prime candidates. For example, applicants have appreciated that because multiple prime number candidates need to be iterated through a plurality of primality checks, an entry-level processor or low-cost processor may take minutes or even hours to perform the task of generating a single large prime number, particularly when large cryptographic keys need to be generated (e.g., 2,048-bit or 4,096-bit or 8,192-bit cryptographic keys). Applicants have also appreciated that securely storing such long cryptographic keys in secure memory may require a large amount of storage space (e.g., a single cryptographic key requires 4-12kb of secure storage).
Applicants have appreciated that conventional devices may perform generation of prime number(s) in a manner that may be time consuming and/or consume processing resources. For example, conventional devices generate (e.g., randomly or pseudo-randomly) a secret seed value, or receive or obtain such a secret seed value from another source. The secret seed value is then used as a seed value for a deterministic pseudo-random number generation (PRNG) function. The deterministic PRNG receives the seed value and possibly also accessory data, and then executes a deterministic cryptographic algorithm that generates a pseudo-random number as a "prime candidate". The device then performs a primality test on each current prime candidate until a prime candidate is identified as prime. The deterministic PRNG performs multiple iterations to generate prime number candidates as long as such candidates are still needed and until the primality test confirms at least one prime number candidate as a prime number.
Some embodiments include methods, systems, and devices for generating, communicating, compressing, storing, processing, and/or regenerating prime numbers and cryptographic assets or cryptographic parameters associated with (or based on) the prime number(s). For example, a method comprises: an initial prime candidate is deterministically generated for each of the required primes by using a secret seed, and optionally additional data, passed to the deterministic PRNG function. The generated prime candidates are passed to one or more primality test functions, such as a deterministic function that performs a primality test. If the primality test is not passed, the deterministic function(s) apply a sequential change, according to a deterministic algorithm, to the prime candidate that was tested. For each prime candidate confirmed as a prime, the system saves the final value of the relevant counter(s) used by the deterministic PRNG function, allowing the storage and/or transmission of a compressed representation of the prime based on the relevant value(s) of such counter(s) (e.g., "the 17th iteration of the deterministic PRNG is a confirmed prime," or "the 17th candidate generated by the deterministic PRNG is a confirmed prime").
The value(s) of such counter(s) of the deterministic PRNG, as well as the secret seed value and optional additional data (e.g., key index) may be used as a "compressed form" or "shorter version" of the validated prime number, and thus may also be used for cryptographic keys or cryptographic assets or cryptographic parameters derived from such confirmed prime number(s), which may then be efficiently stored or saved in a (e.g. secure) small memory unit, may be quickly transmitted or sent, and/or may be quickly regenerated, using the same deterministic PRNG function, as needed, by repeating the same iteration on prime candidates until a given counter value is reached, without having to re-perform any primality tests, so that the regeneration of already confirmed prime numbers is achieved by a reduced power or resource limited device.
In some embodiments, the first generation of the new set of prime numbers and thus their corresponding cryptographic keys in compressed form is performed on a more "strong" device (e.g., a server computer with a faster processor and abundant memory) that performs a primality test on each prime number candidate. The compressed data that will indicate which counter value or which iteration of the deterministic PRNG will produce a confirmed prime number is then sent or transmitted to a "weak" or "weaker" device (e.g., portable electronic device, IoT device) that performs a fast regeneration of the prime number, but without performing any primality tests.
Applicants have appreciated that even relatively "weak" devices (e.g., portable devices, IoT devices) with limited processing resources can quickly and efficiently generate large, already-confirmed prime numbers based on: (I) a predefined deterministic PRNG function, which is known to the "weak" device as well as to the remote server; and (II) a secret seed value, which is known only to the "weak" device and the remote server; and (III) a counter value or iteration value that accurately indicates to the "weak" device how many iterations of the deterministic PRNG function are to be performed (based on the secret seed value) until the validated prime number is generated. Thus, a "stronger" device may perform an initial generation of prime number(s), including the generation of multiple candidates and including a primality test for each such candidate; and then the "stronger" device may indicate to the "weaker" device which iteration of the deterministic PRNG would result in a confirmed prime number, causing the "weaker" device to quickly regenerate the confirmed prime number on its side and use the confirmed prime number for performing cryptographic operations (e.g., for performing derivation or generation of cryptographic keys). Thus, when running multiple iterations of a deterministic PRNG, a "stronger" device saves and stores not only the confirmed prime number, but also the counter value(s) or iteration value(s) that generated the confirmed prime number(s); because these counter values or iteration values may then be sent, communicated or otherwise communicated to the "weaker" device, and where such already-confirmed prime numbers may be quickly and efficiently regenerated; for example, no primality tests need to be performed on the "weaker" device.
In some embodiments, the transfer or sending or transmission of "compressed data" (e.g., counter values or iteration values) from a stronger device to a weaker device does not necessarily pass through (or via) a protected or secure channel; for example, in the following case: the common seed value is pre-stored or pre-installed (e.g., in a secure manner) on both the weak device and the strong device as a "shared secret" known only to both devices (e.g., pre-installed during serialization of the weak device); or in the following case: the common seed value is established in a secure manner to ensure that only the strong and weak devices know the seed value (e.g., using a Diffie-Hellman (DH) key exchange).
Reference is made to Fig. 1A, which is a schematic illustration of a system 100, in accordance with some demonstrative embodiments. The system 100 may include a first device 101 (which may also be referred to as an "assisting device") that may assist a second device 102 (which may also be referred to as an "assisted device") in the task of generating prime number(s). For example, the second device 102 may be a "weak" or "weaker" device with limited processing resources, such as an IoT device or sensor, a portable device, or a small form factor device. Conversely, the first device 101 may be a "strong" or "stronger" device, such as a local server computer, a remote server computer, a "cloud computing" server, or a device with abundant or sufficient or unreduced processing resources. The components of system 100 may operate or cooperate to enable efficient generation, regeneration, processing, storage (or preservation), and/or transmission (or sending) of prime numbers; for example, of a single prime number (denoted as P) or of multiple prime numbers.
The first device 101 and the second device 102 may communicate via one or more communication links and/or communication channels and/or communication networks, or may exchange messages or signals, which are not necessarily (or include) secure channels; for example, via a wired link, a wireless communication link, a cellular 2G or 3G or 4G-LTE or 5G communication link, a Wi-Fi link, an IEEE 802.11 link, a Wi-Max link, an IEEE 802.16 link, a Bluetooth link, a Zigbee link, a Local Area Network (LAN), or a wireless LAN (W-LAN), etc.
For example, the first device 101 receives or generates or pre-stores a secret seed (denoted S) and optionally non-secret additional data (denoted a). In an illustrative embodiment, the secret seed (S) may have 256 bits; and the additional data (a) may be a hash value of the secret seed S (e.g., a 1,792-bit output of a hash function fed the secret seed S as an input). In some embodiments, the additional data (a) need not be secret; it may be stored in a memory unit or storage unit that is not necessarily a secure memory, and may be transmitted over a communication channel that need not necessarily be a secure channel.
The second device 102 has either pre-stored the same secret seed (S) or receives the same secret seed (S) from the first device 101 (or from a trusted third party) via a secure channel. The second device 102 also has the same additional data (a) pre-stored or received (e.g. via a secure channel, or even via a non-secure channel) from the first device 101 or from a trusted third party.
Thus, the same secret seed (S) is stored locally in the first device 101 and locally in the second device 102; and, the same non-secret additional data (a) is stored locally in the first device 101 and locally in the second device 102.
In some embodiments, optionally, a deterministic additional data generator 194A may be included in the first device 101 and may generate the additional data (a) locally from the secret seed (S) via a deterministic algorithm; for example, by a hash algorithm or other deterministic conversion algorithm. Similarly, a deterministic additional data generator 194B may be included in the second device 102 and may generate the additional data (a) locally from the secret seed (S) via the same deterministic algorithm employed by the deterministic additional data generator 194A of the first device 101. Thus, both devices 101-102 may pre-store the same secret value (S); and each of them can independently generate and locally store the same additional data (a).
In the first device, the deterministic PRNG 111 generates a candidate value (or "prime candidate value", PCV). Since this is the initial candidate value, the iteration counter C1 is reset or set to zero (e.g., via the counter reset/advance module 117) before or immediately after the first prime candidate value PCV is generated. The primality of the first prime candidate value PCV is then tested within the first device 101 by a suitable (e.g. deterministic) primality testing unit 112. The primality test may be performed by any suitable method(s) to determine if the input number is a prime number; for example, by a trial division algorithm (e.g. checking whether 2 or any odd number from 3 up to the square root of P divides the prime candidate PCV evenly without leaving a remainder), or by an elliptic curve primality test, etc.
If the primality test result of the prime candidate PCV is "false" (or "failed" or "not true"), indicating that the prime candidate PCV is not a prime, then: the deterministic order changing module 113 deterministically and sequentially modifies the value of the prime candidate PCV to a new prime candidate, denoted PCV'; and the value of iteration counter C1 is incremented by 1 (e.g., by counter reset/advance module 117) to indicate that the first order change iteration has just been performed. The deterministic order changing module 113 may utilize any suitable deterministic function that changes the previous prime candidate value PCV to a new, different prime candidate PCV' in a deterministic (non-random) manner; for example by adding the value "2" (decimal) to the previous prime candidate PCV, or by performing other deterministic operations (e.g. the operations described in ANSI X9.31, section B4, "Generation of prime" (steps 2, 3, 4)). The new prime candidate PCV' is then fed to the primality test unit 112 and the process is iteratively repeated (e.g. sequentially changing the value of the prime candidate value PCV' in a deterministic manner while updating the iteration counter C1 in each iteration accordingly) until the first prime candidate value that yields a primality test result of "true", which indicates a confirmed prime.
Once the primality test result for a prime candidate value, such as the prime candidate value PCV''' generated after three consecutive changes of the initial PCV, is "true", that particular prime candidate value is a confirmed prime number, denoted CPN. Optionally, the primality test unit 112 outputs the full-length confirmed prime number CPN or stores it locally within the first device. The compressed prime number storage unit 114 locally stores a "compressed version" or a "short format" or a "reduced size version" of the confirmed prime number CPN within the first device 101. In some embodiments, the compressed version of the confirmed prime number CPN may be a three-item data set including: (i) the secret seed value S, (ii) the additional data a, and (iii) the value of the iteration counter C1 when the primality test result is affirmative. In other embodiments, the compressed version of the confirmed prime number CPN may be only a single number (e.g. having a value of zero or a natural number) which indicates only the value of the iteration counter C1 when the primality test result is positive (since the secret seed value S and the additional data a have been pre-stored elsewhere in the first device 101, are fixed values, and are known to the second device 102).
The compressed version of the confirmed prime CPN may then be transmitted, transferred or sent from the first device 101 to the other device(s), in particular the second device 102, via one or more wired and/or wireless communication links, and/or via a protected communication channel, or even via an unprotected communication channel. For example, the first device 101 may send or communicate or transmit a message or signal to the second device 102 indicating the final value of the iteration counter C1.
Upon receiving the compressed version of the confirmed prime number, the second device 102 may operate to locally regenerate on its side the full-length, uncompressed version of the confirmed prime number CPN.
As described above, the second device 102 also securely stores therein the same secret seed value S as securely stored in the first device 101; and, the second device 102 also stores (securely or non-securely) therein the same additional data a stored in the first device 101. Further, the second device has a deterministic PRNG 121 that is the same as the deterministic PRNG 111 of the first device; that is, the deterministic PRNG 121 of the second device 102 includes or has or utilizes the same deterministic PRNG function used by the deterministic PRNG 111 of the first device 101. In addition, the second device 102 comprises a deterministic order change module 123 having or comprising or making use of the same deterministic order change function used by the deterministic order change module 113 of the first device 101.
In contrast to the first device 101, the primality test unit is not present in the second device 102, or is not included in the second device 102, or is excluded from the second device 102; alternatively, in some embodiments, the primality test unit may be included in the second device 102 (e.g., for mass production considerations or limitations), but deactivated or shut down or bypassed or not utilized at all by the second device 102.
The second device 102 receives a compressed version of the confirmed prime CPN from the first device 101; for example, by receiving from the first device 101 only the final value of the iteration counter C1 that was reached at the first device 101 when the prime number was confirmed.
The deterministic PRNG 121 of the second device 102 proceeds to locally generate an initial prime candidate value PCV based on the secret seed value S and the additional data a. Since this is an initial candidate, the local iteration counter C2 in the second device 102 is reset or set (e.g., via the counter reset/advance module 127) to zero. The initial prime candidate value PCV is not tested for primality within the second device 102. Instead, the value of the iteration counter C2 of the second device is compared with (or checked against) the value of the iteration counter C1 received from the first device (e.g., via the counter value comparator 128), to check whether the deterministic PRNG 121 of the second device 102 has so far performed the same number of iterations as the number of iterations that produced the Confirmed Prime Number (CPN) in the first device 101.
If the check is positive, i.e. the current value of the iteration counter C2 of the second device 102 is equal to the value of C1 received from the first device 101 as its final iteration counter C1, then: the output of the deterministic PRNG 121 of the second device 102 is further used as a validated prime CPN (e.g., for cryptographic purposes), and/or stored locally within the second device (e.g., securely stored in a secure memory) in a full-length/uncompressed format (e.g., storing all bits or all digits of such a validated prime CPN); and optionally the current value of iteration counter C2 is also stored locally within second device 102 to enable further regeneration of the particular confirmed prime CPN from the final value of iteration counter C2.
Conversely, if the check is negative, i.e. the current value of the iteration counter C2 of the second device 102 is not equal to the value of C1 received from the first device 101 as its final iteration counter C1, then: the prime candidate PCV is discarded because it is not a confirmed prime; and the value of the iteration counter C2 of the second device 102 is incremented by 1 (e.g., by the counter reset/advance module 127); and the deterministic order changing module 123 of the second device 102 operates to change the most recent prime candidate value PCV into a new, different prime candidate value PCV' sequentially and in a deterministic (non-stochastic) manner. The new prime candidate PCV' is not subsequently subjected to a primality test; instead, the value of the iteration counter C2 of the second device 102 is compared with the value of the iteration counter C1 received from the first device 101; and the process is iteratively repeated in the second device 102 until the value of the iteration counter C2 reaches (i.e., equals) the value of the iteration counter C1 received from the first device 101, thereby indicating to the second device 102 that the most recent sequentially modified prime candidate value (e.g., PCV''' if three sequential changes were made) is indeed a confirmed prime CPN, which the second device can then use to perform a cryptographic task.
Since both the first device 101 and the second device 102 utilize the same seed value S, the same additional data a, the same deterministic PRNG function (111, 121), and the same deterministic order changing function (113, 123), and since the second device 102 performs the same number of iterations (C2) as indicated by the first device when the confirmed prime was found in the first device 101 (C1), the system 100 enables the second device 102 to regenerate the same confirmed prime therein without performing any primality tests within the second device 102.
Optionally, the compressed prime number storage unit 124 stores a "compressed version" or a "short format" or a "reduced size version" of the validated prime number CPN locally within the second device 102. In some embodiments, the compressed version of the validated prime number CPN may be a three-item data set including: (i) the secret seed value S, (ii) the additional data a, and (iii) the value of the iteration counter C1 received from the first device 101. In other embodiments, the compressed version of the validated prime number CPN may be only a single number (e.g., having a value of zero or a natural number) that indicates only the value of the iteration counter C1 received from the first device 101; since the secret seed value S and the additional data a have been pre-stored elsewhere in the second device 102 and are fixed values.
To simplify the discussion, FIG. 1A depicts an illustrative embodiment of a system 100 with emphasis on the particular components involved in the generation or regeneration of prime numbers. Referring now to FIG. 1B, a more detailed diagram of the system 100 depicting additional components that may be included in the system is shown.
For example, the first device 101 may include: a processing unit 131 (e.g., a processor, processor core, Integrated Circuit (IC), Application Specific Integrated Circuit (ASIC), Central Processing Unit (CPU), Graphics Processing Unit (GPU), controller, etc.) capable of executing code and/or instructions; a memory unit 132 (e.g., Random Access Memory (RAM), flash memory) to store data, particularly for short-term or temporary storage; a storage unit 133 (e.g., Hard Disk Drive (HDD), solid state drive (SSD), flash-based storage) to store data, particularly for long-term storage; a secure memory 134, which may be a dedicated memory unit or a dedicated portion or area of a memory unit that is not subject to attack and/or tampering and/or interception by unauthorized users or modules or applications; an optional Secure Execution Environment (SEE) 135 in which one or more processing operations may be performed; a wired or wireless transceiver 136 capable of communicating with the second device 102 (e.g., capable of receiving a message or signal from the second device 102 requesting generation of a prime number; capable of sending or transmitting a message to the second device 102 including a compressed version or a reduced-size representation of a confirmed prime number); and/or other suitable components or modules or units (e.g., keyboard, mouse, display unit, power supply, Operating System (OS), drivers, applications, etc.) that may optionally be part of a computer or computer server. Optionally, some or all of the components of the first device 101 that participate in the generation of the prime number(s) may be implemented as (or part of) the prime number generator unit 130.
The second device 102 may for example comprise: an encryption unit 141 capable of performing data encryption; a decryption unit 142 capable of decrypting data; a cryptography unit 143 capable of performing other cryptographic operations or security-related operations (e.g., hashing, salting, authenticating, generating or applying or verifying a digital signature, etc.). Optionally, some or all of the components of the second device 102 that participate in the regeneration of prime number(s) and/or that participate in storing these prime numbers in compressed form may be implemented as (or part of) the prime number regenerator/storage unit 140.
Optionally, the second device 102 may include: a processing unit 171 (e.g., a processor, processor core, Integrated Circuit (IC), Application Specific Integrated Circuit (ASIC), Central Processing Unit (CPU), Graphics Processing Unit (GPU), controller, etc.) capable of executing code and/or instructions; a memory unit 172 (e.g., Random Access Memory (RAM), flash memory) to store data, particularly for short-term or temporary storage; a storage unit 173 (e.g., Hard Disk Drive (HDD), solid state drive (SSD), flash-based storage) to store data, particularly for long-term storage; a secure memory 174, which may be a dedicated memory unit or a dedicated portion or area of a memory unit that is not subject to attack and/or tampering and/or interception by an unauthorized user or module or application; an optional Secure Execution Environment (SEE) 175 in which one or more processing operations may be performed; a wired or wireless transceiver 176 capable of communicating with the first device 101 (e.g., capable of sending a message or signal to the first device 101 requesting generation of a prime number; capable of receiving a message from the first device 101 including or reflecting a compressed version or a reduced-size representation of a confirmed prime number); and/or other suitable components or modules or units that may optionally be part of an electronic device (e.g., a keyboard, mouse, display unit, screen, touch screen, accelerometer, compass unit, gyroscope, one or more sensors, Global Positioning System (GPS) unit, battery or other power source, Operating System (OS), drivers, applications, "app" or "mobile app," etc.).
One or more of encryption unit 141, decryption unit 142, and/or cryptography unit 143 may occasionally or periodically require the use of large prime numbers, for example, as part of a cryptographic operation. Prime number requestor 144 of second device 102 may send a message or signal, such as wirelessly (or over a wired link), to the first device 101 via transceiver 145 to indicate a request of the second device 102 to receive a new prime number in a compressed format. Subsequently, the transceiver 176 (or other receiver unit) of the second device 102 may receive back from the first device 101 a message in a compressed format that includes or indicates the already confirmed prime number whose primality has been tested and confirmed by the first device 101; and the received compressed format enables the prime number re-generator/storage unit 140 of the second device 102 to locally re-generate the same already validated prime number without having to locally test or re-test its primality.
System 100 may optionally include one or more other suitable components, units, and/or modules. For example, in some embodiments, the first device 101 and the second device 102 may comprise a secret seed generation/exchange unit (151, 152) such that the two devices 101 and 102 are capable of generating and/or exchanging (in a secure manner) a secret seed value; for example, using Diffie-Hellman (DH) key exchange or using other key establishment/key exchange algorithms.
Optionally, the first device 101 and the second device 102 may comprise additional data generation/exchange units (153, 154) such that the two devices 101 and 102 are capable of generating and/or exchanging (e.g. in a secure manner) the same additional data (a) used as input (together with the secret seed value S) by the deterministic PRNGs (111, 121). For example, in some embodiments, the additional data (a) may be (or may include) a hash value of the secret seed value, or a hash value of at least a portion of the secret seed value; wherein both the first device 101 and the second device 102 utilize the same hash function operating on the same seed value or the same part of the seed value, and this may be achieved via their deterministic additional data generators (194A, 194B). In other embodiments, the additional data (a) may be generated by a function that deterministically inflates smaller sized seed values to larger sized additional data; or may be generated by the first device 101 and then may be securely transmitted from the first device 101 to the second device 102; or may be generated by the second device 102 and then may be securely transmitted from the second device 102 to the first device 101.
In some embodiments, the system 100 may optionally utilize other suitable formats or versions of the reduced size representation of the already-validated prime numbers, which enable the already-validated prime numbers to be quickly regenerated without the need to perform or re-perform primality tests on the candidate prime numbers; and such other formats do not necessarily need to include the value of the iteration counter (C1). For example, instead of sending the final value of the iteration counter (C1) corresponding to the final iteration of sequentially modifying the prime candidate value PCV, the first device 101 may take the full-length validated prime CPN and extract from it only the K rightmost bits (or digits), or only the K least significant bits (or digits); for example, via a K-bit extractor 161 that extracts only the 8 or 12 or 16 or 24 or 32 or 64 least significant/rightmost bits (or digits) of the full-length validated prime number. The extracted K bits may be sent from the first device 101 to the second device 102 instead of sending the value of the iteration counter C1. Then, the second device 102 generates prime candidate values in an iterative manner; however, the second device 102 does not count the iterations and compare counter values until C1 is reached, but rather compares the K rightmost/least significant bits of each locally generated prime candidate with the K-bit item received from the first device 101, which belongs to the already confirmed prime number. If the K rightmost/least significant bits of the currently generated prime number candidate are the same as the K-bit item received from the first device 101, the second device 102 determines that the current prime number candidate is indeed an already confirmed prime number and uses it further for the cryptographic task.
Conversely, if the K rightmost/least significant bits of the currently generated prime candidate are different from the K-bit item received from the first device 101, the second device 102 determines that the current prime candidate is not a confirmed prime and the second device 102 continues to perform additional iteration(s) of locally generating prime candidates and checking their K rightmost/least significant bits until a match is found. The comparison operation may be performed, for example, by the K-bit comparator unit 162 in the second device.
In some embodiments, rather than sending the rightmost or least significant K bits of the full-length confirmed prime number in "as is" format, a converted version of these K bits may optionally be prepared at the first device 101, for example via a K-bit conversion unit 163 which takes these K bits and subtracts them from (or XORs them with) the secret seed value S (or the additional data A), the result of such an operation (subtraction; or XOR; or other conversion operation) being a converted version sent from the first device 101 to the second device 102. The second device 102 then receives the converted version of the rightmost/least significant K bits of the full-length validated prime number and performs the inverse conversion operation locally (e.g., XORs it with the seed value; or adds the converted version to the seed value) via the K-bit inverse conversion unit 164, which thus produces the actual value of the rightmost/least significant K bits of the full-length validated prime number; the second device 102 then compares it to the rightmost/least significant K bits of each locally generated (and untested) prime candidate to determine whether the current prime candidate is indeed a confirmed prime. The value of K itself (i.e., how many rightmost bits to send) may be preconfigured based on specific implementation considerations or may be determined dynamically, optionally taking into account a function that estimates the prime frequency within a particular search space.
In some implementations, the confirmed prime CPN may be represented in compressed or reduced-size form and/or communicated to the second device 102 by utilizing one or more parameters, which may be referred to as "correction factors" or "correction coefficients" or "correction parameters". For example, rather than transmitting the final value of the iteration counter C1 (or a final set of values of multiple such iteration counters, such as the final values of iteration counters C1 through C6 discussed further herein) from the first device 101 to the second device 102, one or more correction parameters may be generated at the first device 101 by the correction parameter generator 181 and transmitted from the first device to the second device 102, where such correction parameters may be used by the correction-based CPN re-generator 182 to re-generate the validated prime CPN. For example, the deterministic PRNG 111 of the first device 101 may utilize the secret seed value (S) and the additional data (a) to generate a large odd (non-even) pseudo-random number, denoted PRN-0; this number is stored locally in the deterministic PRNG 111 as the initial output of the PRNG 111 and is used as the initial prime candidate value PCV. The deterministic order changing module 113 deterministically and sequentially modifies the PCV (e.g., by adding the decimal value "2" to the most recent PCV), and the primality testing unit 112 checks the primality of each such prime candidate value PCV until a validated prime CPN is found. Compressed version generator 183 of first device 101 may then perform an XOR operation between the validated prime number CPN and the initial prime number candidate PRN-0, and the XOR result is stored locally as a correction parameter that can immediately convert the initial prime number candidate PRN-0 to the validated prime number CPN, thereby eliminating the need for any sequential or iterative modification of the prime number candidate value PCV.
The first device 101 may then send or communicate or transmit only the correction parameter (and without sending any value(s) of any iteration counter(s)) to the second device 102; and the second device 102 can directly and immediately regenerate the confirmed prime CPN using its correction-based CPN regenerator 182; for example, the full-length validated prime number CPN is directly regenerated by generating an initial prime candidate value PRN-0 with its deterministic PRNG 122, and then performing an XOR operation on the PRN-0 with the correction parameter received from the first device 101. Such embodiments may be used particularly in connection with relatively small prime numbers, and/or in connection with systems operating in accordance with the ANSI X9.31 standard, and/or in connection with proprietary or non-standard prime number generation embodiments that a particular entity may implement.
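The three reduced-size representations described above (the final iteration counter C1 of the first and second devices, the rightmost K bits, and the XOR correction parameter), side by side in an added Python example that is not code from the patent. The SHAKE-256 stand-in for the deterministic PRNG, the fixed-base Miller-Rabin test, the 256-bit size, and all function names and sample values are assumptions; the +2 step follows the text's own example.

```python
import hashlib

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
SEED = bytes(range(32))   # constructed sample secret seed S (shared by both devices)
EXTRA = b"device-0001"    # constructed sample additional data A


def is_probable_prime(n):
    """Miller-Rabin with fixed bases (an assumed test); used by the first device only."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False   # base a witnesses that n is composite
    return True


def initial_candidate(seed, extra, bits=256):
    """PRN-0: assumed deterministic PRNG, SHAKE-256(S || A) forced odd with the top bit set."""
    raw = hashlib.shake_256(seed + extra).digest(bits // 8)
    return int.from_bytes(raw, "big") | (1 << (bits - 1)) | 1


def next_candidate(pcv):
    """Deterministic sequential change: add 2, as in the text's example."""
    return pcv + 2


def generate(seed, extra, bits=256):
    """First device: test candidates until one is prime; return (CPN, C1)."""
    pcv, c1 = initial_candidate(seed, extra, bits), 0
    while not is_probable_prime(pcv):
        pcv, c1 = next_candidate(pcv), c1 + 1
    return pcv, c1


def k_bit_tag(cpn, c1, k):
    """First device: rightmost K bits of the CPN, refused when K cannot identify it."""
    # With a +2 step, candidates i and j share their low K bits exactly when
    # i == j (mod 2**(K-1)), so the tag is unambiguous only if C1 < 2**(K-1).
    if c1 >= 1 << (k - 1):
        raise ValueError("K too small: an earlier, untested candidate has the same K bits")
    return cpn & ((1 << k) - 1)


def xor_correction(seed, extra, cpn, bits=256):
    """First device: correction parameter CPN XOR PRN-0."""
    return cpn ^ initial_candidate(seed, extra, bits)


def regenerate_by_counter(seed, extra, c1, bits=256):
    """Second device: replay C1 sequential changes; no primality test."""
    pcv = initial_candidate(seed, extra, bits)
    for _ in range(c1):
        pcv = next_candidate(pcv)
    return pcv


def regenerate_by_k_bits(seed, extra, tag, k, bits=256):
    """Second device: step until the low K bits match the received tag."""
    pcv, mask = initial_candidate(seed, extra, bits), (1 << k) - 1
    for _ in range(1 << (k - 1)):   # low K bits repeat after 2**(K-1) steps
        if pcv & mask == tag:
            return pcv
        pcv = next_candidate(pcv)
    raise ValueError("no candidate matches the received K bits")


def regenerate_by_xor(seed, extra, correction, bits=256):
    """Second device: PRN-0 XOR correction parameter, no iteration at all."""
    return initial_candidate(seed, extra, bits) ^ correction


if __name__ == "__main__":
    cpn, c1 = generate(SEED, EXTRA)
    print("C1 =", c1, "| CPN bits =", cpn.bit_length())
    print("counter :", regenerate_by_counter(SEED, EXTRA, c1) == cpn)
    print("K = 16  :", regenerate_by_k_bits(SEED, EXTRA, k_bit_tag(cpn, c1, 16), 16) == cpn)
    print("XOR     :", regenerate_by_xor(SEED, EXTRA, xor_correction(SEED, EXTRA, cpn)) == cpn)
```

The guard in `k_bit_tag` matters because the second device accepts the first candidate whose K bits match without testing it; a K chosen too small for the observed C1 would make it stop at an earlier, composite candidate.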
Other suitable methods or formats may be used to create a compressed version of the full-length confirmed prime number, or decompress it back into its full-length format, or otherwise regenerate the confirmed prime number without performing a primality test.
Some embodiments may reduce the use of memory for storing prime numbers and/or save the amount of secure memory (which may be scarce or limited) for storing prime numbers. For example, a seed value of 256 bits may be used to generate an RSA cryptographic key of size 4,096 bits, which then requires 4,096 bits of secure memory for storage. In contrast, some embodiments may regenerate a large prime number by utilizing, for example, six counters, each with, for example, 16 bits of data, which is typically sufficient to count iterations until a confirmed prime number is reached; so that the values of six such counters are represented with a total of 6 × 16 = 96 bits, and only a total of 352 bits (i.e., 96 bits representing 6 counters, plus 256 bits of the secret seed) are required to store the RSA cryptographic key in a compressed format. This may reduce the usage of secure memory by a factor of approximately eleven, from 4,096 bits to 352 bits (in some illustrative embodiments) for secure storage of a single RSA key. In practice, storage space in some computerized systems may be abundant; however, secure memory can be extremely limited, especially in small form factor devices, portable devices, mobile devices, battery-powered devices, and Internet of Things (IoT) devices.
Similarly, such embodiments may significantly save (or reduce) bandwidth for sending, receiving, and/or transmitting cryptographic parameters and/or prime numbers; because, for example, in some embodiments, instead of transmitting 4,096 bits per RSA key, only 352 bits may be transmitted per RSA key. The reduction in bandwidth may also translate into a reduction in transmission/reception time, a reduction in energy resources consumed by transmission/reception, or a reduction in errors that may occur during such transmission/reception.
In some embodiments, a secure communication channel may not necessarily be required to enable secure transmission of a compressed version of the confirmed prime CPN from the first device 101 to the second device 102. Instead, the two devices 101-102 may have pre-stored the same secret seed S as the shared secret; alternatively, the establishment of such a secret seed on both devices may be performed using Diffie-Hellman (DH) key exchange (e.g., the stronger device, i.e., the first device 101, generates the secret seed using a True Random Number Generator (TRNG) or via other means). Even if intercepted by an attacker, the transmitted value of the iteration counter (C1) is not sufficient to generate the confirmed prime number itself, even if the attacker knows that device 101 or 102 uses a particular deterministic PRNG, since the secret seed value is necessary to successfully regenerate the validated prime number.
In some embodiments, a secure or protected communication channel is used for any communication(s), or at least some such communications, between the first device 101 and the second device 102; for example, to prevent an attacker or adversary from intercepting and replacing the message(s) with erroneous data, resulting in the regenerated number not being a confirmed prime number. For example, if the first device 101 insecurely sends a message "17" as the final value of the iteration counter C1 to the second device 102, an attacker (e.g., a man-in-the-middle or other adversary) may intercept the message and replace the value of "17" with "13" so that the second device 102 generates a number after only 13 iterations rather than 17 iterations, which the second device 102 will consider as a confirmed prime number even though the number is not a prime number. Thus, the first device 101 may utilize the message encryption/decryption unit 187 and the second device 102 may utilize the message encryption/decryption unit 188 in order to encrypt and decrypt messages exchanged between them, e.g. by utilizing cryptographic key(s) that may be derived from the secret seed value S. Other methods may be utilized to ensure that the communication between the two devices 101-102 is not intercepted or tampered with.
According to some embodiments, the regeneration or decompression of prime numbers at the second device 102 may be performed quickly and/or efficiently in a shorter period of time while consuming a smaller amount of processing resources and/or memory resources, since such regeneration or decompression does not require any primality testing; alternatively, in some embodiments, such regeneration does not require any power-consuming large-number calculations or arithmetic; thus, such regeneration may be performed quickly even on "weak" devices (e.g., IoT sensors or IoT devices, or entry level/feature-reduced electronic devices). This, in turn, may help to reduce the potential cost of producing such IoT devices and/or such electronic devices, as they may no longer require a large amount of processing resources for the generation of large prime numbers. Similarly, regeneration or decompression of large prime numbers can be performed more quickly, even on feature-reduced devices, since no extensive computation or arithmetic is required.
Reference is made to FIG. 2A, which is a schematic illustration of another system 200, in accordance with some demonstrative embodiments. System 200 may be a particular implementation of system 100 that is specifically modified and configured to enable an RSA cryptographic system (e.g., a non-CRT cryptographic system that does not utilize Chinese Remainder Theorem (CRT) in order to simplify the discussion herein).
For example, the first device 201 may be a computer or server computer and may perform full generation of prime numbers including primality tests; while the second device 202 may be a "weaker" electronic device (e.g., portable device, IoT sensor, IoT device) that may regenerate the validated prime number based only on the compressed version of the validated prime number received by the second device 202 from the first device 201.
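One way to make the second device reject a substituted counter such as the 17-to-13 replacement described above, as an added Python example that is not part of the patent. It uses HMAC-SHA256 authentication with a key derived from S rather than the encryption units 187/188 the text names; the derivation label, the message layout, the function names and the sample values are assumptions.

```python
import hashlib
import hmac

COUNTER_LEN = 2        # 16-bit counter, the size used in the text's storage estimate
TAG_LEN = 32           # HMAC-SHA256 output length
SEED = bytes(range(32))   # constructed sample secret seed S
EXTRA = b"device-0001"    # constructed sample additional data A


def derive_mac_key(seed):
    """Derive a message key from S under a fixed label, so S itself is never the MAC key."""
    return hmac.new(seed, b"counter-message-mac", hashlib.sha256).digest()


def message_tag(seed, extra, body):
    """Tag over the length-prefixed additional data A and the counter bytes."""
    data = len(extra).to_bytes(2, "big") + extra + body
    return hmac.new(derive_mac_key(seed), data, hashlib.sha256).digest()


def pack_counter_message(seed, extra, counter):
    """First device: counter value followed by its authentication tag."""
    if not 0 <= counter < 1 << (8 * COUNTER_LEN):
        raise ValueError("counter outside the agreed range")
    body = counter.to_bytes(COUNTER_LEN, "big")
    return body + message_tag(seed, extra, body)


def unpack_counter_message(seed, extra, message):
    """Second device: return the counter only if the tag verifies."""
    if len(message) != COUNTER_LEN + TAG_LEN:
        raise ValueError("malformed counter message")
    body, tag = message[:COUNTER_LEN], message[COUNTER_LEN:]
    # Constant-time comparison; any change to the counter or to A fails here.
    if not hmac.compare_digest(tag, message_tag(seed, extra, body)):
        raise ValueError("counter message rejected: authentication failed")
    return int.from_bytes(body, "big")


if __name__ == "__main__":
    genuine = pack_counter_message(SEED, EXTRA, 17)
    print("accepted counter:", unpack_counter_message(SEED, EXTRA, genuine))
    tampered = (13).to_bytes(COUNTER_LEN, "big") + genuine[COUNTER_LEN:]
    try:
        unpack_counter_message(SEED, EXTRA, tampered)
    except ValueError as err:
        print("tampered message:", err)
```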
Each of the devices 201 and 202 stores therein the same secret seed, denoted S, and optionally also the same additional data, denoted a. Furthermore, each of the devices 201 and 202 includes and utilizes the same deterministic PRNG unit (211 and 212, respectively) as part of the prime number generator unit.
The first device 201 performs a search for large primes using its deterministic PRNG unit 211 and/or other components of its prime number generator unit 231 (e.g., which includes a primality test unit 215 that checks the primality of prime number candidate values). The prime number generator unit 231 finds a prime number that has been tested for primality and validated within the first device 201. Upon finding such a confirmed prime CPN (denoted 295), the reduced size representation generator 291 of the first device 201 generates a reduced size representation 293 (or compressed version) of the confirmed prime CPN. For example, the reduced size representation may include the final values of six iteration counters used by the first device 201 in its iterative operation of the deterministic PRNG unit. The reduced size representation 293 comprising the six counter values may be sent or transmitted from the first device 201 to the second device 202 instead of transmitting the full-length confirmed prime CPN.
Alternatively, in some implementations, the reduced size representation 293 of the CPN may be or may indicate a correction parameter, which enables the second device 202 to reconstruct or regenerate the full-length CPN in a single step by utilizing the deterministic PRNG 212, and then performing an XOR operation on its output with the correction parameter received from the first device 201.
The second device 202 receives the reduced size representation 293, for example comprising six counter values, and stores it locally. The deterministic PRNG unit 212 of the prime re-generator unit 232 operates iteratively by the number of iterations indicated by those received values indicated in the reduced size representation 293. When the number of iterations of each of the six iteration counters involved is reached, the output of the prime re-generator unit 232 is the same validated prime CPN that has been found by the first device 201 without performing any primality tests in the second device 202, which the second device 202 can then use for cryptographic tasks.
In some implementations, for example, the system 200 can be used in conjunction with a public or private key based on a non-secret public exponent E (e.g., which may be short) and a secret private exponent D, and a non-secret modulus N (e.g., having a larger size, such as in the range of 2,048 bits to 8,096 bits). The modulus may be made up of two (or more) large secret prime numbers (denoted as P and Q) such that N = P × Q. In turn, each large prime number (P and Q) may be constructed according to predefined security considerations; for example, such that (P - 1) = P1 × K1 and (P + 1) = P2 × K2; wherein each of P1 and P2 is also a prime number and has a large size (e.g., in the range of 100-300 bits); wherein K1 and K2 are both integers; and wherein the prime number Q is similarly constructed based on similar predefined security considerations. The public exponent E may be chosen to be a small odd number (e.g., 3, or 7, or 65,537). The private exponent D is calculated by a deterministic modular inverse function (denoted F) using E and P and Q as its parameters, such that D = F(E, P, Q).
The amount of secure storage or cryptographic storage of an RSA cryptosystem may depend on the size of the secret primes utilized. Thus, if large prime numbers are utilized, generation of cryptographic keys may take longer, and storage of such cryptographic keys may require more space in secure memory or secure storage (e.g., limited non-volatile hard-coded memory used for secure boot mechanisms or for other sensitive tasks).
Referring to FIG. 2B, this figure is a more detailed illustration of the first device 201 of FIG. 2A. Instead of generating the large prime number P directly, the first device 201 generates the large prime number P based on two auxiliary prime numbers (P1 and P2).
For example, the first device 201 generates an initial prime candidate value for each of the three primes (i.e., P1, P2, and P) by utilizing its deterministic PRNG unit 212A, which is seeded by the secret seed S and optionally with additional data a (e.g., a device ID, a key ID, or other unique number). Each prime candidate value, denoted PCV1, PCV2 and PCV respectively, is primality tested by the primality testing unit 215 of the first device 201. If all the primality tests for all three prime candidates (P1, P2, and P) are positive, the prime generation algorithm stops because a confirmed prime is found; otherwise, the counter for each appropriate prime candidate value (counters C1, C2, and C3) is incremented by 1, then the next prime candidate value is sequentially calculated (by the deterministic sequence changing module 218 of the first device 201), and then a primality test is performed. The process is iteratively performed for each prime number (P1, P2, and P) in the first set of three prime numbers.
The same procedure is also performed in the first device 201 to find a second set of three prime numbers (denoted Q1, Q2, and Q) by: utilizing the deterministic PRNG unit 212B to generate prime candidate values (denoted as QVC1, QVC2, and QVC); iteratively and sequentially changing the candidate values while counting the iterations via three corresponding counters (denoted as C4, C5, and C6, respectively); and performing the described primality tests.
Upon generation of the confirmed prime number P, the first device 201 stores the current values of the associated iteration counters C1, C2, and C3; for example as a three-element tuple or triplet (C1, C2, C3), or as a five-element tuple or quintet (S, A, C1, C2, C3). Similarly, in generating the confirmed prime number Q, the first device 201 stores the current values of the associated iteration counters C4, C5, and C6; for example as a three-element tuple or triplet (C4, C5, C6), or as a five-element tuple or quintet (S, A, C4, C5, C6).
Then, the first device 201 generates and sends to the second device 202 a message comprising at least these final values of the six iteration counters (C1, C2, C3, C4, C5, C6); and such messages are compressed representations or reduced-size versions of prime numbers P and Q, which enable them to be regenerated by the second device 202 without performing any primality tests in the second device 202.
Referring to FIG. 2C, this figure is a more detailed illustration of the second device 202 of FIG. 2A. For example, the second device 202 generates initial candidates for each of the three prime numbers (i.e., P1, P2, and P) by utilizing its deterministic PRNG unit 222A, which is seeded by the secret seed S and optionally with additional data a (e.g., device ID, key ID, or other unique number). However, the second device 202 does not perform a primality test on any of these candidates. Instead, the second device 202 checks with one or more counter comparator units 219 whether it has actually reached the number of iterations indicated in the received message (i.e. C1, C2, C3, C4, C5, C6). If a counter has not reached its target value based on the received message, the value of the counter is incremented by 1 and the associated operation is performed again; that is, the deterministic order change module 228 of the second device 202 generates the next prime candidate. Conversely, once a counter reaches its target value based on the received message, the operations associated with this counter are not repeated; and once all six counters have reached their respective targets, the algorithm stops and outputs the two already validated prime numbers (P and Q) without performing any primality tests in the second device 202. These regenerated prime numbers (P and Q) then enable the second device to locally compute all relevant parameters (e.g., parameters P, Q, N and D) of the RSA private or public key using the public exponent E.
Some embodiments may include methods and systems for generating and utilizing one or more (e.g., secret) prime numbers, particularly for cryptographic algorithms or operations or units. For example, a secret seed value (e.g., known to two particular devices but unknown to other devices or entities), optionally together with additional data (e.g., a hash value or portion thereof derived from the secret seed value or portion thereof), is used as input to at least one deterministic PRNG unit, which in turn generates an initial Prime Candidate Value (PCV). A stronger device can perform a primality test on the initial PCV; the deterministic sequential modification unit modifies the initial PCV into subsequent values that are iteratively tested until the first PCV is identified as a prime number. The stronger device then indicates to the weaker device how many iterations of such sequential modifications, counted from the generation of the initial PCV, are to be performed until a prime number is generated; the weaker device performs a similar process locally, but without any primality testing in the weaker device, until it generates a PCV that is a prime number that has been validated. The indication may be, for example, the values of one or more counters that count sequential modification iterations of the candidate values; alternatively, other suitable indications may be provided.
Optionally, the additional data may include, or may contain, or may be based on, or may be derived from, Key identification data (KeyID or Key-ID) and/or User identification data (UserID or User-ID), or from a unique device ID (e.g., an ID that may be allocated or assigned to such a device, such as a weaker device, during serialization of the device).
In some embodiments, the final value of the counter may be compared to a predefined maximum value; also, if some or at least one of the counters exceeds a predefined maximum value, the generation process of prime numbers may be repeated starting with deterministic PRNG input data that changes according to a deterministic algorithm, possibly by sequentially incrementing any member of such data.
In some embodiments, the regeneration of the validated prime number at the weaker device may be performed by the same or equal deterministic algorithm or function and input data used in the initial generation of the validated prime number at the stronger device; also, the sequential changing process of prime candidate values is performed in the weaker device, but without the necessity of performing a primality test, until all such iterated counter(s) have reached the final counter values received from the stronger device when generating the confirmed prime at the stronger device.
The compressed format or reduced-size representation of the prime number(s) may be stored in a storage device or memory unit or repository; e.g. indicating a secret seed value, optionally also additional data and the value(s) of the iteration counter(s). Alternatively, the compressed representation of the confirmed prime numbers passed by the stronger device to the weaker device may include only an indication of the number of sequential iterations of the initial PCV modification that need to be performed; since the weaker device may have stored therein (e.g., securely) the same secret seed value, the same additional data, the same deterministic PRNG function, and the same deterministic order modification function that are also utilized by the stronger device.
In some embodiments, the first device and the second device may optionally be the same, or may be the same single device or system, or may be two units or sub-units in one single apparatus (or co-located therein); for example, a first unit of the apparatus is caused to generate a validated prime number that passes the primality test, and then the number of iterations to be performed (or other indication of a reduced size representation of the validated prime number) is transmitted (e.g., directly; or via an intermediate memory unit or storage unit) to a second unit of the apparatus; and then the second unit of the same device regenerates (e.g., at a later point in time) the same already confirmed prime number by performing the indicated number of iterations and without performing any primality tests by the second unit of the device.
Optionally, the generation, storage, transmission and/or regeneration of prime numbers may be performed as part of the generation, storage, transmission and/or regeneration of private and public key pairs for the RSA algorithm or another cryptographic algorithm; for example, by selecting a public exponent and generating at least two prime factors (P, Q, optionally with additional prime factors), which should optionally meet additional requirements; such as the requirement that for the factor P (and similarly for the factor Q, optionally also other prime factors), the values (P-1) and (P+1) have large prime factors (P1, P2); and such prime numbers may be generated, stored, transmitted, and/or regenerated according to the method(s) described above.
Alternatively, some embodiments, such as in a cryptographic RSA system or similar system, may utilize two (or more) different types of reduced-size representation of already validated prime numbers. For example, a first type of representation may be utilized for a confirmed prime number whose further utilization is independent of other values or other conditions (e.g., confirmed prime numbers such as P1, P2, Q1, Q2); this first type of reduced-size representation may be based on the result of an XOR or subtraction operation between the final prime candidate value (which is the validated prime) and the initial prime candidate value originally generated by the deterministic PRNG. A second type of representation may be utilized for a confirmed prime number whose further utilization depends on other values or other conditions (e.g., confirmed prime numbers such as P, Q); this second type of reduced-size representation may be based on the value of a counter of the modification iterations applied to the initial prime candidate value. Such embodiments may utilize two (or more) different types of reduced-size representation for different types of confirmed prime numbers to achieve one or more implementation goals, particularly to achieve an enhanced reduced-size representation of the confirmed prime numbers, and/or to reduce the time or processing resources required to regenerate the confirmed prime numbers. For example, for a confirmed prime number whose further utilization is independent of other prime numbers or other conditions: each of these two types of representation may yield a sufficiently small (reduced-size) representation, and if the first type of representation is utilized (e.g., based on the result of an XOR or subtraction operation), then regeneration of the validated prime number may be faster or more resource efficient.
Conversely, for a confirmed prime number whose utilization depends on satisfaction of other conditions (e.g., whose utilization depends on a particular relationship with other prime numbers): the first type of reduced-size representation (e.g., using XOR or subtraction operations) may in some cases result in a representation that is too long or too large, because there may be a large distance between the initial prime candidate value and the final prime candidate value (which is a confirmed prime); while the second type of representation, based on the iteration counter value, may result in a smaller representation for this type of confirmed prime number, even if the regeneration of such a confirmed prime number is (in some cases) somewhat slower when using this type of representation.
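The following is an added example, not code from the patent, of the seed-plus-counter regeneration described earlier in this section and of the two reduced-size representations compared in the two paragraphs above. The HMAC-SHA256 PRNG, the +2 step for P1 and P2, the CRT construction of P from P1 and P2, the bit sizes, the value of E and all function names are assumptions chosen for illustration; only one prime P with three counters is shown, and Q would be handled the same way under a different label.

```python
import hashlib
import hmac
import math
import secrets

E = 65537                      # public exponent (assumed value)
AUX_BITS, P_BITS = 101, 512    # sizes of P1/P2 and of P (assumed)
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def prng(seed: bytes, label: bytes, bits: int) -> int:
    """Deterministic PRNG stand-in: HMAC-SHA256 in counter mode, forced odd."""
    out, block = b"", 0
    while len(out) * 8 < bits:
        out += hmac.new(seed, label + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    value = int.from_bytes(out, "big") >> (len(out) * 8 - bits)
    return value | (1 << (bits - 1)) | 1

def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin. Only the stronger device ever calls this."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def starts(seed: bytes, additional: bytes):
    """Initial candidates for P1, P2 and P, from the seed and additional data."""
    return (prng(seed, additional + b"|P1", AUX_BITS),
            prng(seed, additional + b"|P2", AUX_BITS),
            prng(seed, additional + b"|P", P_BITS))

def first_p_candidate(xp: int, p1: int, p2: int):
    """First Y >= xp with p1 | Y-1 and p2 | Y+1 (CRT), and the step that keeps both."""
    step = 2 * p1 * p2
    r = pow(p2, -1, 2 * p1) * p2 - pow(2 * p1, -1, p2) * 2 * p1
    return xp + (r - xp) % step, step

def search(start: int, step: int, accept):
    """Stronger device: modify the candidate until accepted; return (value, counter)."""
    value, counter = start, 0
    while not accept(value):
        value, counter = value + step, counter + 1
    return value, counter

def iterate(start: int, step: int, target: int) -> int:
    """Weaker device: same modification, stopped by counter comparison alone."""
    value, counter = start, 0
    while counter < target:
        value, counter = value + step, counter + 1
    return value

def generate(seed: bytes, additional: bytes):
    """Stronger device: returns (P, (C1, C2, C3)); only the counters are sent."""
    x1, x2, xp = starts(seed, additional)
    p1, c1 = search(x1, 2, is_probable_prime)
    p2, c2 = search(x2, 2, is_probable_prime)
    y0, step = first_p_candidate(xp, p1, p2)
    p, c3 = search(y0, step, lambda y: math.gcd(y - 1, E) == 1 and is_probable_prime(y))
    return p, (c1, c2, c3)

def regenerate(seed: bytes, additional: bytes, counters) -> int:
    """Weaker device: rebuilds P from the shared seed and the received counters."""
    c1, c2, c3 = counters
    x1, x2, xp = starts(seed, additional)
    p1, p2 = iterate(x1, 2, c1), iterate(x2, 2, c2)
    y0, step = first_p_candidate(xp, p1, p2)
    return iterate(y0, step, c3)

def representation_sizes(seed: bytes, additional: bytes) -> dict:
    """Bits needed by (difference form, counter form) for P1 and for P."""
    p, (c1, _, c3) = generate(seed, additional)
    x1, _, xp = starts(seed, additional)
    p1 = iterate(x1, 2, c1)
    return {"P1": ((p1 - x1).bit_length(), c1.bit_length()),
            "P": ((p - xp).bit_length(), c3.bit_length())}

if __name__ == "__main__":
    seed, extra = b"constructed-demo-seed", b"constructed-device-id"
    p, msg = generate(seed, extra)
    print("match:", regenerate(seed, extra, msg) == p, "counters:", msg)
    print("bits (difference, counter):", representation_sizes(seed, extra))
```

Because `regenerate` never tests primality, a corrupted counter or a wrong seed produces a different number with no local primality check to catch it, so the counters need integrity protection in transit and in storage.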
In some embodiments, the calculations, operations and/or determinations may be performed locally within a single device, or may be performed by or across multiple devices, or may be performed partially locally and partially remotely (e.g., on a remote server) by optionally exchanging raw and/or processed data and/or processing results using a communication channel.
Although portions of the discussion herein refer to wired links and/or wired communications for purposes of illustration, some embodiments are not limited in this regard and may utilize wired and/or wireless communications; may include one or more wired and/or wireless links; one or more components that may utilize wired and/or wireless communication; and/or may utilize one or more methods or protocols or standards for wireless communication.
Some embodiments may utilize a special purpose machine or a special purpose device that is not a general purpose computer, or may use a non-general purpose (non-general) computer or machine. Such a system or device may utilize or may include one or more components or units or modules that are not part of a "non-general purpose" computer nor part of a "general purpose" computer, such as, for example, a cellular transceiver, a cellular transmitter, a cellular receiver, a GPS unit, a location determining unit, accelerometer(s), gyroscope(s), device orientation detector or sensor, device location detector or sensor, and the like.
Some embodiments may utilize an automated method or process, or a machine-implemented method or process, or a semi-automated or partially automated method or process, or a set of steps or operations that may be performed or carried out by a computer or machine or system or other device.
Some embodiments may utilize code or program code or machine-readable instructions or machine-readable code, which may be stored on a non-transitory storage medium or a non-transitory storage article (e.g., a CD-ROM, a DVD-ROM, a physical memory unit, a physical storage unit), such that the program or code or instructions, when executed by a processor or machine or computer, cause such processor or machine or computer to perform the methods or processes described herein. Such code or instructions may be or may include, for example, one or more of the following: software, software modules, applications, programs, subroutines, instructions, instruction sets, computing code, words, values, symbols, strings, variables, source code, compiled code, interpreted code, executable code, static code, dynamic code; including, but not limited to, code or instructions in a high-level programming language, a low-level programming language, an object-oriented programming language, a visual programming language, a compiled programming language, an interpreted programming language, C, C++, C#, Java, JavaScript, SQL, Ruby on Rails, Go, Cobol, Fortran, ActionScript, AJAX, XML, JSON, Lisp, Eiffel, Verilog, Hardware Description Language (HDL), Register-Transfer Level (RTL), BASIC, Visual BASIC, Matlab, Pascal, HTML5, CSS, Perl, Python, PHP, machine language, machine code, assembly language, and the like.
Discussions herein utilizing terms such as, for example, "processing," "computing," "calculating," "determining," "establishing," "analyzing," "checking," "detecting," "measuring," or the like, may refer to operation(s) and/or process(es) of a processor, computer, computing platform, computing system, or other electronic or computing device that may manipulate and/or transform data represented as physical (e.g., electronic) quantities within registers and/or accumulators and/or memory units and/or storage units into other data, or that may perform other suitable operations.
As used herein, the term "plurality" includes, for example, "multiple" or "two or more". For example, "a plurality of items" includes two or more items.
References to "one embodiment," "an embodiment," "illustrative embodiment," "various embodiments," "some embodiments," and/or similar terms may indicate that the embodiment(s) so described may optionally include a particular feature, structure, or characteristic, but every embodiment may not necessarily include the particular feature, structure, or characteristic. Moreover, repeated use of the phrase "in one embodiment" does not necessarily refer to the same embodiment, although it may. Similarly, repeated use of the phrase "in some embodiments" does not necessarily refer to the same series or group of embodiments, although it may.
As used herein, unless otherwise specified the use of ordinal adjectives (such as "first", "second", "third", "fourth", etc.) to describe an item or object, merely indicate that different instances of such items or objects are being referred to; it is not intended to imply that the items or objects so described must be in a particular given sequence, either temporally, spatially, in ranking, or in any other ordered manner.
Some embodiments may be used in or in conjunction with a variety of devices and systems, such as, for example, Personal Computers (PCs), desktop computers, mobile computers, laptop computers, notebook computers, tablet computers, server computers, handheld devices, Personal Digital Assistant (PDA) devices, handheld PDA devices, in-vehicle devices, off-board devices, hybrid devices, vehicle devices, non-vehicle devices, mobile or portable devices, consumer devices, non-mobile or non-portable devices, appliances, wireless communication stations, wireless communication devices, wireless Access Points (APs), wired or wireless routers or gateways or switches or hubs, wired or wireless modems, video devices, audio-video (A/V) devices, wired or wireless networks, wireless local area networks, Wireless Video Area Networks (WVAN), Local Area Networks (LAN), Wireless Local Area Networks (WLAN), Personal Area Networks (PAN), Wireless PANs (WPAN), etc.
Some embodiments may be used with one-way and/or two-way radio communication systems, cellular radiotelephone communication systems, mobile telephones, cellular telephones, radiotelephones, Personal Communication Systems (PCS) devices, PDAs or handheld devices incorporating wireless communication capabilities, mobile or portable Global Positioning System (GPS) devices, devices incorporating GPS receivers or transceivers or chips, devices incorporating RFID elements or chips, multiple-input multiple-output (MIMO) transceivers or devices, single-input multiple-output (SIMO) transceivers or devices, multiple-input single-output (MISO) transceivers or devices, devices having one or more internal and/or external antennas, Digital Video Broadcasting (DVB) devices or systems, multi-standard radio devices or systems, wired or wireless handheld devices (e.g., smartphones), Wireless Application Protocol (WAP) devices, and the like.
Some embodiments may include or may be implemented through the use of "apps" or applications that may be downloaded or obtained from an "app store" for free or for a fee, or may be pre-installed on a computing or electronic device, or may be transmitted to and/or installed on such a computing or electronic device.
In some embodiments, an apparatus comprises: a memory unit to store a secret seed value and to store an incoming indication of a required number of iterations; a deterministic pseudo-random number generator (PRNG) to receive the secret seed value as an input and generate a candidate value; a deterministic order modification unit to iteratively modify the candidate values according to the required number of iterations; a prime number regenerator to output the candidate values sequentially modified by the required number of iterations as confirmed prime numbers. Optionally, the memory unit further stores additional data items; where the deterministic PRNG uses a secret seed value and an additional data item as inputs.
For example, the additional data item includes at least one of: a hash value of the secret seed value; a portion of a hash value of the secret seed value; a hash value of a portion of the secret seed value; a portion of the hash value of a portion of the secret seed value. For example, the additional data items include at least a portion of data integrity values generated from one or more of: a secret seed value; the number of iterations required; an initial candidate value generated by an initial run of a deterministic Pseudo Random Number Generator (PRNG) seeded by a secret seed value; and the final regenerated prime candidate value. Optionally, the additional data item comprises at least one of: a unique Key-ID of the device; a unique User-ID for the device; a unique Device-ID of the Device; a unique serialized identifier of the device.
For example, the memory unit is used to store the incoming final values of six iteration counters; wherein the prime number generator is to sequentially search for two prime numbers (P, Q) and corresponding two sets of prime factors (P1, P2; Q1, Q2) that meet a predefined condition by: iteratively modifying the two prime numbers and the candidate values for the prime factors until an incoming final value of all iteration counters and/or a comparison condition is reached. Optionally, the apparatus further comprises: a cryptography unit to utilize the validated prime number in at least one operation selected from the following operations: encoding operations, decoding operations, cryptographic operations. Optionally, the apparatus further comprises: a wireless communication receiver to wirelessly receive an incoming indication of a desired number of iterations from a remote server over a secure wireless communication link. Optionally, the prime generator outputs the validated prime without performing any primality tests on any candidate values.
In some embodiments, an apparatus comprises: a memory unit to store a secret seed value and to store an additional data item; a deterministic pseudo-random number generator (PRNG) to receive the secret seed value and the additional data item as inputs and generate a candidate value; a deterministic order modification unit to iteratively modify the candidate values, wherein an iteration counter is incremented upon each iteration by the deterministic order modification unit; a primality testing unit for determining that a specific candidate value is a confirmed prime number and outputting a current value of the iteration counter; a prime reduced size representation generator to generate a reduced size representation of the validated prime, which representation enables a remote device to locally regenerate the validated prime.
For example, the apparatus further comprises: a wireless communication transmitter to transmit a message indicating the current value of the iteration counter to a remote device via a secure wireless communication link; wherein the message enables the remote device to locally regenerate the confirmed prime number based on: (i) the message, (ii) the secret seed value, and (iii) the additional data item. Optionally, the prime size reduction representation generator is to generate a size reduction representation of the validated prime including: the current value of the iteration counter. Optionally, the prime size reduction representation generator is to generate a size reduction representation of the identified prime comprising a difference between: (i) the validated prime number, and (ii) an initial candidate value generated by the deterministic PRNG unit. Optionally, the prime size reduction representation generator is to generate a size reduction representation of the validated prime including the result of an XOR operation between: (i) the least significant K bits of the validated prime number, and (ii) the least significant K bits of an initial candidate value generated by the deterministic PRNG unit. Optionally, the prime size reduction representation generator is to sequentially search for two prime numbers (P, Q) and corresponding two sets of prime factors (P1, P2; Q1, Q2) that meet a predefined condition by: (I) iteratively modifying the two prime numbers and the candidate values for the prime factors until a set of confirmed prime numbers is reached; and (II) storing six final values of six respective iteration counters that enable the remote device to regenerate the two prime numbers and the prime factors therefrom.
In some embodiments, an apparatus comprises: a memory unit to store a secret seed value; a deterministic pseudo-random number generator (PRNG) to receive the secret seed value as an input and generate a candidate value; a deterministic order modification unit to iteratively modify the candidate values through one or more iterations via a deterministic value modification function; at least one of: (I) a prime number generator comprising: a primality testing unit for determining that a specific candidate value is a confirmed prime number and outputting a current value of an iteration counter when the confirmed prime number is reached; a prime reduced size representation generator to generate a reduced size representation of the validated prime, which representation enables another unit to regenerate the validated prime from the reduced size representation; (II) a prime re-generator to receive as input an incoming indication of a required number of iterations, to cause the deterministic order modification unit to iteratively modify the candidate value by the required number of iterations, wherein an iteration counter is incremented on each iteration by the deterministic order modification unit, and to output the candidate value modified sequentially by the required number of iterations as a validated prime.
Optionally, the device comprises both a prime number generator and a prime number re-generator, implemented as two units located together within the same housing and having shared access to the secret seed value. For example, the apparatus further comprises: a storage unit to store a size-reduced representation of a prime number; wherein the prime number generator generates a full length confirmed prime number and writes a reduced size representation of the confirmed prime number into the storage unit; wherein the prime re-generator reads a reduced size representation of the validated prime from the storage unit and regenerates the validated prime. Optionally, the device comprises both a prime number generator and a prime number re-generator, implemented as two units located together within the same housing and having shared access to the secret seed value; wherein a single deterministic PRNG serves both a prime number generator and a prime number re-generator; wherein a single deterministic sequential modification unit serves both the prime number generator and the prime number re-generator.
In some embodiments, the method comprises: regenerating, at the first electronic unit, a number that has been confirmed as prime at the second unit, by performing: generating a candidate value via a deterministic pseudo-random number generator (PRNG) function fed with a secret seed value, the secret seed value being known to the first unit and the second unit; the candidate values are sequentially modified in a deterministic manner for a particular number of modification-iterations indicated in the message sent from the second unit to the first unit. Optionally, the method comprises: outputting the latest candidate value as a regenerated already confirmed prime number when performing the particular number of modification-iterations of the candidate value. Optionally, the method comprises: utilizing the regenerated confirmed prime number in a cryptographic operation.
The functions, operations, components and/or features described herein with reference to one or more embodiments may be combined or utilized with one or more other functions, operations, components and/or features described herein with reference to one or more other embodiments. Some embodiments may include any possible or suitable combination, rearrangement, assembly, reassembly, or other utilization of some or all of the modules or functions or components or units described herein, even if they are discussed in different locations or in different sections of the above discussion, or even if they are shown in different figures.
While certain features of some illustrative embodiments have been illustrated and described herein, various modifications, substitutions, changes, and equivalents may occur to those skilled in the art. It is therefore intended that the following claims cover all such modifications, alternatives, variations, and equivalents.

Claims (22)

1. An apparatus, comprising:
a memory unit to store a secret seed value and to store an incoming indication of a required number of iterations;
a deterministic pseudo-random number generator (PRNG) to receive the secret seed value as an input and generate a candidate value;
a deterministic order modification unit to iteratively modify the candidate values for the required number of iterations;
a prime re-generator to output the candidate values sequentially modified for the required number of iterations as confirmed prime numbers.
2. The apparatus as set forth in claim 1, wherein,
wherein the memory unit further stores an additional data item;
wherein the deterministic PRNG uses the secret seed value and the additional data item as inputs.
3. The apparatus as set forth in claim 2, wherein,
wherein the additional data item comprises at least one of:
a hash value of the secret seed value;
a portion of a hash value of the secret seed value;
a hash value of a portion of the secret seed value;
a portion of a hash value of a portion of the secret seed value.
4. The apparatus as set forth in claim 2, wherein,
wherein the additional data items comprise at least a portion of data integrity values generated from one or more of:
the secret seed value;
the required iteration number;
an initial candidate value generated by an initial run of the deterministic Pseudo Random Number Generator (PRNG) seeded by the secret seed value;
and the final regenerated prime candidate value.
5. The apparatus as set forth in claim 2, wherein,
wherein the additional data item comprises at least one of:
a unique Key-ID of the device;
a unique User-ID for the device;
a unique Device-ID of the Device;
a unique serialized identifier of the device.
6. The apparatus of any of the preceding claims,
wherein the memory unit is to store incoming final values of six iteration counters;
wherein the prime number generator is to sequentially search for two prime numbers (P, Q) and corresponding two sets of prime factors (P1, P2; Q1, Q2) that meet a predefined condition by: iteratively modifying the two prime numbers and candidate values for the prime factors until the incoming final values for all iteration counters and/or a comparison condition are reached.
7. The apparatus of any preceding claim, further comprising:
a cryptography unit to utilize the validated prime number in at least one operation selected from the following operations: encoding operations, decoding operations, cryptographic operations.
8. The apparatus of any preceding claim, further comprising:
a wireless communication receiver to wirelessly receive an incoming indication of a desired number of iterations from a remote server over a secure wireless communication link.
9. The apparatus of any of the preceding claims,
wherein the prime generator outputs the validated prime without performing any primality tests on any candidate values.
10. An apparatus, comprising:
a memory unit to store a secret seed value and to store an additional data item;
a deterministic pseudo-random number generator (PRNG) to receive the secret seed value and the additional data item as inputs and generate a candidate value;
a deterministic order modification unit to iteratively modify the candidate values, wherein an iteration counter is incremented upon each iteration by the deterministic order modification unit;
a primality testing unit for determining that a specific candidate value is a confirmed prime number and outputting a current value of the iteration counter;
a prime reduced size representation generator to generate a reduced size representation of the validated prime, which representation enables a remote device to locally regenerate the validated prime.
11. The apparatus of claim 10, further comprising:
a wireless communication transmitter to transmit a message to the remote device via a secure wireless communication link indicating the current value of the iteration counter;
wherein the message enables the remote device to locally regenerate the confirmed prime number based on: (i) the message, (ii) the secret seed value, and (iii) the additional data item.
12. The apparatus according to any one of claims 10 and 11,
wherein the prime reduced size representation generator is to generate a reduced size representation of the validated prime including: the current value of the iteration counter.
13. The apparatus according to any one of claims 10 and 11,
wherein the prime reduced size representation generator is to generate a reduced size representation of the identified prime comprising a difference between: (i) the validated prime number, and (ii) an initial candidate value generated by the deterministic PRNG unit.
14. The apparatus according to any one of claims 10 and 11,
wherein the prime size reduction representation generator is to generate a size reduction representation of the validated prime including the result of the XOR operation between: (i) the least significant K bits of the validated prime number, and (ii) the least significant K bits of an initial candidate value generated by the deterministic PRNG unit.
15. The apparatus according to any one of claims 10 and 11,
wherein the prime size reduction representation generator is to sequentially search for two prime numbers (P, Q) and corresponding two sets of prime factors (P1, P2; Q1, Q2) that meet a predefined condition by: (I) iteratively modifying the two prime numbers and the candidate values for the prime factors until a set of confirmed prime numbers is reached; and (II) storing six final values of six respective iteration counters that enable the remote device to regenerate the two prime numbers and the prime factors therefrom.
16. An apparatus, comprising:
a memory unit to store a secret seed value;
a deterministic pseudo-random number generator (PRNG) to receive the secret seed value as an input and generate a candidate value;
a deterministic order modification unit to iteratively modify the candidate values through one or more iterations via a deterministic value modification function;
at least one of:
(I) a prime number generator comprising:
a primality testing unit for determining that a specific candidate value is a confirmed prime number and outputting a current value of an iteration counter when the confirmed prime number is reached;
a prime reduced size representation generator to generate a reduced size representation of the validated prime, which representation enables another unit to regenerate the validated prime from the reduced size representation;
(II) a prime number re-generator,
to receive as input an incoming indication of the number of required iterations,
to cause the deterministic order modification unit to iteratively modify the candidate value for the required number of iterations, wherein an iteration counter is incremented on each iteration by the deterministic order modification unit, and
to output a candidate value sequentially modified for the desired number of iterations as a confirmed prime number.
17. The apparatus as set forth in claim 16, wherein,
wherein the device comprises both the prime number generator and the prime number re-generator, implemented as two units located together within the same housing and having shared access to the secret seed value.
18. The apparatus according to any one of claims 16 and 17, further comprising:
a storage unit to store a size-reduced representation of a prime number;
wherein the prime number generator generates a full length confirmed prime number and writes a reduced size representation of the confirmed prime number into the storage unit;
wherein the prime re-generator reads a reduced size representation of the validated prime from the storage unit and regenerates the validated prime.
19. The apparatus as set forth in claim 16, wherein,
wherein the device comprises both the prime number generator and the prime number re-generator, implemented as two units located together within the same housing and having shared access to the secret seed value;
wherein a single deterministic PRNG serves both the prime number generator and the prime number re-generator;
wherein a single deterministic order modification unit serves both the prime number generator and the prime number re-generator.
20. A method, comprising:
regenerating, at the first electronic unit, a number that has been confirmed as prime at the second unit, by performing the following operations:
generating a candidate value via a deterministic pseudo-random number generator (PRNG) function fed with a secret seed value, the secret seed value being known to the first unit and the second unit;
sequentially modifying the candidate values in a deterministic manner for a particular number of modification-iterations indicated in a message sent from the second unit to the first unit.
21. The method of claim 20, comprising:
upon performing the particular number of modification-iterations of the candidate value, outputting the latest candidate value as the regenerated, already confirmed prime number.
22. The method according to any one of claims 20 and 21, comprising:
utilizing the regenerated confirmed prime number in a cryptographic operation.
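The generator and re-generator relationship recited in claims 16 to 22, sketched as an added example that is not taken from the patent. The SHA-256 counter-mode PRNG, the add-2 modification step, the Miller-Rabin test and all function names are assumptions chosen for illustration.

```python
import hashlib
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def prng_candidate(seed: bytes, bits: int) -> int:
    """Assumed deterministic PRNG: SHA-256 in counter mode over the secret seed."""
    stream, block = b"", 0
    while len(stream) * 8 < bits:
        stream += hashlib.sha256(seed + block.to_bytes(4, "big")).digest()
        block += 1
    value = int.from_bytes(stream, "big") >> (len(stream) * 8 - bits)
    return value | (1 << (bits - 1)) | 1  # force full bit length and oddness

def modify(candidate: int) -> int:
    return candidate + 2  # assumed deterministic modification: next odd number

def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin with random bases; only the generating side runs this."""
    if n < 2 or any(n % p == 0 for p in SMALL_PRIMES):
        return n in SMALL_PRIMES
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)  # base in [2, n-2]
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # witness found: n is composite
    return True

def generate_prime(seed: bytes, bits: int) -> tuple[int, int]:
    """Generator side: search for a prime and count the modifications used."""
    candidate, iterations = prng_candidate(seed, bits), 0
    while not is_probable_prime(candidate):
        candidate, iterations = modify(candidate), iterations + 1
    return candidate, iterations

def regenerate_prime(seed: bytes, bits: int, iterations: int) -> int:
    """Re-generator side: replay the same modifications, with no primality test."""
    candidate = prng_candidate(seed, bits)
    for _ in range(iterations):
        candidate = modify(candidate)
    return candidate
```

The re-generator runs no primality test, so a wrong or tampered iteration count silently yields a different, most likely composite, value; the count should be integrity-protected wherever it is stored or sent.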
CN201980039265.3A 2018-06-12 2019-04-25 Device, system and method for generating and processing cryptographic parameters Active CN112262544B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
GB1809593.5 2018-06-12
GB1809593.5A GB2574613B (en) 2018-06-12 2018-06-12 Device, system, and method of generating and handling cryptographic parameters
PCT/GB2019/051153 WO2019239094A1 (en) 2018-06-12 2019-04-25 Device, system, and method of generating and handling cryptographic parameters

Publications (2)

Publication Number Publication Date
CN112262544A (en) 2021-01-22
CN112262544B (en) 2024-01-02

Family

ID=62975428

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201980039265.3A Active CN112262544B (en) 2018-06-12 2019-04-25 Device, system and method for generating and processing cryptographic parameters

Country Status (4)

Country Link
US (1) US11323254B2 (en)
CN (1) CN112262544B (en)
GB (1) GB2574613B (en)
WO (1) WO2019239094A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20220400005A1 (en) * 2019-10-16 2022-12-15 Hewlett-Packard Development Company, L.P. Generating prime numbers
US11251953B2 (en) 2020-07-15 2022-02-15 Juniper Networks, Inc. Proving prime integers for encryption
US11546142B1 (en) * 2021-12-22 2023-01-03 Bakhtgerey Sinchev Cryptography key generation method for encryption and decryption
WO2024072815A1 (en) * 2022-09-27 2024-04-04 Fort Robotics, Inc. Method for securely generating and distributing symmetric keys for grouping secure communications

Citations (5)

Publication number Priority date Publication date Assignee Title
CN1688973A (en) * 2002-06-21 2005-10-26 Atmel Corporation Probable prime numbers for cryptographic applications
EP2104031A2 (en) * 2008-03-21 2009-09-23 Renesas Technology Corp. Data processing system and data processing method
CN101902331A (en) * 2009-05-28 2010-12-01 Proton World International N.V. Protection of a generation of prime numbers for the RSA algorithm
US20130051552A1 (en) * 2010-01-20 2013-02-28 Héléna Handschuh Device and method for obtaining a cryptographic key
WO2018097797A1 (en) * 2016-11-28 2018-05-31 Huawei International Pte. Ltd. Method and system for deriving deterministic prime number

Family Cites Families (7)

Publication number Priority date Publication date Assignee Title
US7706528B2 (en) * 2003-12-26 2010-04-27 Panasonic Corporation Prime calculating apparatus, key issuing system, and prime calculation method
US8971530B2 (en) * 2009-06-24 2015-03-03 Intel Corporation Cryptographic key generation using a stored input value and a stored count value
EP2791784A1 (en) * 2011-12-15 2014-10-22 Inside Secure Method for generating prime numbers proven suitable for chip cards
US9800407B2 (en) * 2013-08-30 2017-10-24 Qualcomm Incorporated Methods and apparatuses for prime number generation and storage
EP3035586A1 (en) * 2014-12-18 2016-06-22 Gemalto Sa Method for on-board prime number generation
JP6918582B2 (en) * 2017-06-02 2021-08-11 パナソニック株式会社 Random number verification system and random number verification method
EP3692681B1 (en) * 2017-10-06 2024-03-20 Btq Ag A system and method for quantum-safe authentication, encryption and decryption of information

Patent Citations (6)

Publication number Priority date Publication date Assignee Title
CN1688973A (en) * 2002-06-21 2005-10-26 Atmel Corporation Probable prime numbers for cryptographic applications
EP2104031A2 (en) * 2008-03-21 2009-09-23 Renesas Technology Corp. Data processing system and data processing method
CN101902331A (en) * 2009-05-28 2010-12-01 Proton World International N.V. Protection of a generation of prime numbers for the RSA algorithm
EP2256987A1 (en) * 2009-05-28 2010-12-01 Proton World International N.V. Protection of a generation of prime numbers for the RSA algorithm
US20130051552A1 (en) * 2010-01-20 2013-02-28 Héléna Handschuh Device and method for obtaining a cryptographic key
WO2018097797A1 (en) * 2016-11-28 2018-05-31 Huawei International Pte. Ltd. Method and system for deriving deterministic prime number

Non-Patent Citations (1)

Title
Li Jialu; Zhou Yujie: "Efficient Implementation of RSA Key Generation in Embedded Systems", Computer Engineering and Design, no. 07 *

Also Published As

Publication number Publication date
US20210226783A1 (en) 2021-07-22
GB2574613B (en) 2020-07-22
GB2574613A (en) 2019-12-18
WO2019239094A1 (en) 2019-12-19
GB201809593D0 (en) 2018-07-25
CN112262544B (en) 2024-01-02
US11323254B2 (en) 2022-05-03

Similar Documents

Publication Publication Date Title
CN112262544B (en) Device, system and method for generating and processing cryptographic parameters
US11115183B2 (en) Terminal device performing homomorphic encryption, server device processing ciphertext and methods thereof
CN109150499B (en) Method and device for dynamically encrypting data, computer equipment and storage medium
CN110545190B (en) Signature processing method, related device and equipment
US20140294177A1 (en) Identity based public key cryptosystem
US8806214B2 (en) Communication with non-repudiation and blind signatures
EP2698945B1 (en) Vectorial private equality testing
US20210194680A1 (en) Non-transitory computer-readable medium storing program code, decryption device, and communication system including encryption device and decryption device
WO2013063694A1 (en) Lightweight stream cipher cryptosystems
CN113452527A (en) Robust state synchronization for stateful hash-based signatures
CN112865973A (en) Method for generating encryption key and digital signature based on lattice
US11522669B2 (en) Using cryptographic blinding for efficient use of Montgomery multiplication
US8824677B1 (en) Provably secure and efficient pseudorandom number generation
KR102443255B1 (en) Method for Generating Encryption Key and Digital Signature Based on Lattices
WO2018213875A1 (en) Asymmetric cryptography and authentication
CN110287733B (en) File tamper-proofing method and device
US11750367B2 (en) Simulation device and method for homomorphic cryptosystem
CN114092101B (en) Transaction verification method and device, storage medium and electronic equipment
WO2022271216A1 (en) Accelerating multiple post-quantum cryptograhy key encapsulation mechanisms
Aguilera et al. First end‐to‐end PQC protected DPU‐to‐DPU communications
Lara-Nino et al. Lightweight key establishment for WSNs
US20230044442A1 (en) Information leakage mitigation associated with elliptic curve operations
US20240106628A1 (en) Efficient side channel protection for lightweight authenticated encryption
CN114499828B (en) Communication method, internet of things terminal, gateway equipment and Internet of things system
CN110619218B (en) Method and apparatus for generating information

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant